PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Fix a crash in http-vuln-wnr1000-creds when request fails (i.e. not vuln)

Browse Source
This commit is contained in:
dmiller
2017-03-24 16:20:00 +00:00
parent 87fb195c3f
commit 3220cbd62b
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
scripts/http-vuln-wnr1000-creds.nse
View File

@@ -67,13 +67,17 @@ action = function(host, port)
local detection_session = http.get(host, port, uri) local detection_session = http.get(host, port, uri)
if detection_session then if detection_session.status then
if not detection_session.body then
stdnse.debug1("No response body")
return vuln_report:make_output(vuln)
end
-- gather the id -- gather the id
local id_netgear = string.match(escape(detection_session.body), ('(id=%d+)')) local id_netgear = string.match(escape(detection_session.body), ('(id=%d+)'))
if id_netgear == nil then if id_netgear == nil then
stdnse.debug1("Unable to obtain the id") stdnse.debug1("Unable to obtain the id")
return return vuln_report:make_output(vuln)
else else
-- send the payload to get username and password -- send the payload to get username and password
local payload_session = http.post(host, port, uri .. "passwordrecovered.cgi?" .. id_netgear, { no_cache = true }, nil, "") local payload_session = http.post(host, port, uri .. "passwordrecovered.cgi?" .. id_netgear, { no_cache = true }, nil, "")